CVE-2025-38182

Severity: High (CVSS 3.1: 7.8) · EPSS 5.1%
Published Jul 4, 2025 (12mo ago) · Modified Jun 17, 2026 (2w ago)

Description

In the Linux kernel, the following vulnerability has been resolved:

ublk: sanitize the arguments from userspace when adding a device

Sanity check the values for queue depth and number of queues we get from userspace when adding a device.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥6.0 – <6.6.95
linux    linux_kernel   *         ≥6.7 – <6.12.35
linux    linux_kernel   *         ≥6.13 – <6.15.4
linux    linux_kernel   6.16      any
linux    linux_kernel   6.16      any

References 4

  • git.kernel.org https://git.kernel.org/stable/c/0f8df5d6f25ac17c52a8bc6418e60a3e63130550
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3162d8235c8c4d585525cee8a59d1c180940a968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c8472855884355caf3d8e0c50adf825f83454b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2b2b7cf6368580114851cb3932f2ad9fbf23386
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0f8df5d6f25ac17c52a8bc6418e60a3e63130550
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3162d8235c8c4d585525cee8a59d1c180940a968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8c8472855884355caf3d8e0c50adf825f83454b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e2b2b7cf6368580114851cb3932f2ad9fbf23386
    Patch